linux/fs/cifs
David Disseldorp 5105a7ffce cifs: fix negotiate context parsing
smb311_decode_neg_context() doesn't properly check against SMB packet
boundaries prior to accessing individual negotiate context entries. This
is due to the length check omitting the eight byte smb2_neg_context
header, as well as incorrect decrementing of len_of_ctxts.

Fixes: 5100d8a3fe ("SMB311: Improve checking of negotiate security contexts")
Reported-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
2023-04-15 18:26:56 -05:00
asn1.c cifs: decoding negTokenInit with generic ASN1 decoder 2021-06-20 21:28:17 -05:00
cached_dir.c cifs: fix dentry lookups in directory handle cache 2023-03-24 14:37:12 -05:00
cached_dir.h cifs: drop the lease for cached directories on rmdir or rename 2022-10-19 17:57:41 -05:00
cifs_debug.c cifs: print session id while listing open files 2023-03-23 11:19:42 -05:00
cifs_debug.h smb3: add dynamic trace points for tree disconnect 2022-10-05 01:31:18 -05:00
cifs_dfs_ref.c cifs: set DFS root session in cifs_get_smb_ses() 2023-03-14 21:05:53 -05:00
cifs_fs_sb.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
cifs_ioctl.h cifs: minor cleanup of some headers 2022-12-12 13:08:06 -06:00
cifs_spnego_negtokeninit.asn1 cifs: decoding negTokenInit with generic ASN1 decoder 2021-06-20 21:28:17 -05:00
cifs_spnego.c cred: Do not default to init_cred in prepare_kernel_cred() 2022-11-01 10:04:52 -07:00
cifs_spnego.h cifs: Replace remaining 1-element arrays 2023-02-20 11:48:48 -06:00
cifs_swn.c smb3: add dynamic trace points for tree disconnect 2022-10-05 01:31:18 -05:00
cifs_swn.h cifs: simplify SWN code with dummy funcs instead of ifdefs 2021-04-25 16:28:22 -05:00
cifs_unicode.c cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
cifs_unicode.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
cifs_uniupr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
cifsacl.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
cifsacl.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
cifsencrypt.c cifs: Change the I/O paths to use an iterator rather than a page list 2023-02-20 18:36:02 -06:00
cifsfs.c smb3: fix unusable share after force unmount failure 2023-03-24 14:37:12 -05:00
cifsfs.h cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL 2023-03-30 17:28:44 -05:00
cifsglob.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
cifspdu.h cifs: Replace remaining 1-element arrays 2023-02-20 11:48:48 -06:00
cifsproto.h cifs: prevent data race in cifs_reconnect_tcon() 2023-03-01 18:18:25 -06:00
cifsroot.c cifs: move from strlcpy with unused retval to strscpy 2022-08-19 11:02:26 -05:00
cifssmb.c cifs: double lock in cifs_reconnect_tcon() 2023-04-06 22:45:41 -05:00
connect.c smb3: fix unusable share after force unmount failure 2023-03-24 14:37:12 -05:00
dfs_cache.c cifs: check only tcon status on tcon related functions 2023-03-17 13:22:22 -05:00
dfs_cache.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
dfs.c cifs: check only tcon status on tcon related functions 2023-03-17 13:22:22 -05:00
dfs.h cifs: fix use-after-free bug in refresh_cache_worker() 2023-03-14 21:07:44 -05:00
dir.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
dns_resolve.c cifs: set resolved ip in sockaddr 2022-12-19 08:03:11 -06:00
dns_resolve.h cifs: set resolved ip in sockaddr 2022-12-19 08:03:11 -06:00
export.c cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
file.c cifs: check only tcon status on tcon related functions 2023-03-17 13:22:22 -05:00
fs_context.c cifs: sanitize paths in cifs_update_super_prepath. 2023-04-05 12:32:19 -05:00
fs_context.h cifs: sanitize paths in cifs_update_super_prepath. 2023-04-05 12:32:19 -05:00
fscache.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
fscache.h cifs: Change the I/O paths to use an iterator rather than a page list 2023-02-20 18:36:02 -06:00
inode.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
ioctl.c cifs: Fix wrong return value checking when GETFLAGS 2022-11-16 00:21:04 -06:00
Kconfig cifs: Change the I/O paths to use an iterator rather than a page list 2023-02-20 18:36:02 -06:00
link.c cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
Makefile cifs: get rid of mount options string parsing 2022-12-19 08:03:11 -06:00
misc.c cifs: sanitize paths in cifs_update_super_prepath. 2023-04-05 12:32:19 -05:00
netlink.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netlink.h cifs: Register generic netlink family 2020-12-14 09:16:22 -06:00
netmisc.c cifs: remove unused server parameter from calc_smb_size() 2022-08-17 18:07:13 -05:00
nterr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
nterr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
ntlmssp.h cifs: Replace zero-length arrays with flexible-array members 2023-02-20 11:48:47 -06:00
readdir.c cifs: Replace remaining 1-element arrays 2023-02-20 11:48:48 -06:00
rfc1002pdu.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
sess.c cifs: get rid of dns resolve worker 2023-02-20 17:25:43 -06:00
smb1ops.c cifs: Fix uninitialized memory reads for oparms.mode 2023-02-20 11:48:48 -06:00
smb2file.c 46 fs/cifs (smb3 client) changesets, 37 in fs/cifs and 9 for related helper functions and cleanup outside from Dave Howells and Willy 2023-02-22 17:12:44 -08:00
smb2glob.h smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common 2022-03-26 23:09:20 -05:00
smb2inode.c cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
smb2maperror.c cifs: Create a new shared file holding smb2 pdu definitions 2021-11-05 09:50:57 -05:00
smb2misc.c smb3: Replace smb2pdu 1-element arrays with flex-arrays 2023-02-20 17:25:43 -06:00
smb2ops.c cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
smb2pdu.c cifs: fix negotiate context parsing 2023-04-15 18:26:56 -05:00
smb2pdu.h smb3: Replace smb2pdu 1-element arrays with flex-arrays 2023-02-20 17:25:43 -06:00
smb2proto.h cifs: Parse owner/group for stat in smb311 posix extensions 2022-12-08 09:51:53 -06:00
smb2status.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
smb2transport.c cifs: avoid race conditions with parallel reconnects 2023-03-24 09:03:55 -05:00
smbdirect.c cifs: Fix an uninitialised variable 2023-03-01 18:17:36 -06:00
smbdirect.h cifs: Build the RDMA SGE list directly from an iterator 2023-02-20 18:36:02 -06:00
smbencrypt.c cifs: rename cifs_common to smbfs_common 2021-09-08 23:59:26 -05:00
smberr.h cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
trace.c smb3: Cleanup license mess 2019-01-24 09:37:33 -06:00
trace.h cifs: append path to open_enter trace event 2023-03-24 09:02:26 -05:00
transport.c cifs: Move the in_send statistic to __smb_send_rqst() 2023-03-05 17:50:38 -06:00
unc.c cifs: don't cargo-cult strndup() 2021-04-25 16:28:23 -05:00
winucase.c cifs: remove pathname for file from SPDX header 2021-09-13 14:51:10 -05:00
xattr.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00